Google Introduces 24-Hour Delay for Unverified App Installs

Google Introduces 24-Hour Delay for Unverified App Installs

Posted on By CWS

Google has introduced a mandatory 24-hour waiting period for sideloading apps from unverified developers on Android devices. This new policy aims to enhance user safety by reducing the risk of malware and scams, while maintaining the platform’s openness.

Background of the New Sideloading Policy

The update follows a previous mandate requiring Android apps to be registered by verified developers to be installed on certified devices. This step was taken to swiftly identify malicious actors and prevent the distribution of harmful software. The delay seeks to protect users from cybercriminals who may exploit sideloaded apps to gain unauthorized access and disable protective features like Play Protect.

Concerns and Criticisms

Despite Google’s intentions, the new requirements have faced backlash from over 50 app developers and marketplaces, including organizations like F-Droid and The Tor Project. Critics argue that the policy could create entry barriers and raise concerns about privacy and data security. Questions remain about the handling of personal information required for developer verification and potential government access to this data.

Implementation of the Advanced Sideloading Flow

Google has introduced an advanced flow allowing experienced users to sideload apps from unverified sources. This involves enabling developer mode, confirming the action is voluntary, and re-authenticating after a 24-hour wait using biometric data or a device PIN. Users can then install apps indefinitely or for seven days, provided they understand the risks involved.

According to Sameer Samat, President of Android Ecosystem, this waiting period is designed to disrupt potential attacks, allowing users time to verify threats. Google also plans to provide free limited distribution accounts for hobbyists and students, enabling app sharing with up to 20 devices without stringent identification requirements.

Future Outlook and Security Measures

The advanced flow and limited distribution accounts will be available by August 2026, ahead of the new verification requirements in September. This initiative coincides with the emergence of the Perseus malware targeting users in Turkey and Italy for device takeover and financial fraud. Over the past months, several Android malware families have been identified, underscoring the importance of enhanced security measures.

Google acknowledges the diversity of its ecosystem, emphasizing the need for flexible solutions to accommodate different user needs without compromising security. The company is committed to providing multiple pathways for developers to meet verification standards.

The Hacker News Tags:, , , , , , , , ,

Related Posts

One Click Can Turn Perplexity’s Comet AI Browser Into a Data Thief One Click Can Turn Perplexity’s Comet AI Browser Into a Data Thief The Hacker News
[Webinar] Shadow AI Agents Multiply Fast — Learn How to Detect and Control Them [Webinar] Shadow AI Agents Multiply Fast — Learn How to Detect and Control Them The Hacker News
SEC Files Charges Over Million Crypto Scam Using Fake AI-Themed Investment Tips SEC Files Charges Over $14 Million Crypto Scam Using Fake AI-Themed Investment Tips The Hacker News
Experts Find AI Browsers Can Be Tricked by PromptFix Exploit to Run Malicious Hidden Prompts Experts Find AI Browsers Can Be Tricked by PromptFix Exploit to Run Malicious Hidden Prompts The Hacker News
Qilin Ransomware Combines Linux Payload With BYOVD Exploit in Hybrid Attack Qilin Ransomware Combines Linux Payload With BYOVD Exploit in Hybrid Attack The Hacker News
The Hype We Can Ignore (And the Risks We Can’t) The Hype We Can Ignore (And the Risks We Can’t) The Hacker News